
4487 matches found

UbuntuCve
added 2008/10/13 8:0 p.m. · 29 views

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3 CVSS · 5.9 AI score · 0.043 EPSS
Exploits 2 · References 1
CVE
added 2008/10/13 6:0 p.m. · 72 views

CVE-2008-3271

CVE-2008-3271 affects Apache Tomcat 5.5.0 and Tomcat 4.1.0 through 4.1.31. The issue is a synchronization-related defect that allows a remote attacker to bypass IP address restrictions and obtain sensitive information when a request is processed concurrently with another in a different thread, re...

4.3 CVSS · 5.9 AI score · 0.043 EPSS
Exploits 2 · References 23 · Affected Software 1
Cvelist
added 2008/10/13 6:0 p.m. · 29 views

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

6 AI score · 0.043 EPSS
Exploits 2 · References 23
Positive Technologies
added 2008/10/13 12:0 a.m. · 3 views

PT-2008-4686 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.31; Apache Tomcat version 5.5.0. Description: The issue allows remote attackers to bypass IP address restrictions and obtain sensitive information due to a synchronization problem and lack of thread...

4.3 CVSS · 6.4 AI score · 0.043 EPSS
Exploits 2 · References 27
NVD
added 2008/07/03 6:41 p.m. · 16 views

CVE-2008-2997

Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action...

4.3 CVSS · 5.7 AI score · 0.03477 EPSS
Exploits 1 · References 4
0day.today
added 2008/05/16 12:0 a.m. · 21 views

Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (ruby)

Exploit for multiple platform in category remote exploits. Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (ruby). #!/usr/bin/ruby Debian SSH Key Tester, L4teral. This tool...

7.1 AI score
Exploits 0
Exploit DB
added 2008/05/16 12:0 a.m. · 181 views

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)

#!/usr/bin/ruby Debian SSH Key Tester, L4teral. This tool helps to find user accounts with weak SSH keys that should be regenerated with an unaffected version of openssl. You will need the precalculated keys provided by HD Moore. See http://metasploit.com/users/hdm/tools/debian-openssl/ for further...

7.4 AI score
Exploits 0
Packet Storm
added 2008/03/13 12:0 a.m. · 23 views

woltlab-csrf.txt

WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability Vendor: woltlab.de Version: Lite 2 Beta 1 Released: March 6 2008 Bug found by NBBN on March 8 2008 ::Example ::Fix No codefix...

7.4 AI score
Exploits 0
Cvelist
added 2008/02/15 12:0 a.m. · 20 views

CVE-2008-0788

Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a domultideletethreads action to moderation.php and (2) hijack the authentication of arbitra...

7.3 AI score · 0.00184 EPSS
Exploits 1 · References 5
Prion
added 2008/01/29 8:0 p.m. · 13 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a threaddel action...

4.3 CVSS · 7 AI score · 0.00145 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2008/01/29 8:0 p.m. · 17 views

CVE-2008-0472

Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a threaddel action...

4.3 CVSS · 6.7 AI score · 0.00145 EPSS
Exploits 0 · References 4
PyPA
added 2008/01/16 11:0 p.m. · 5 views

PYSEC-2008-8

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...

4.3 CVSS · 6.6 AI score · 0.01316 EPSS
Exploits 1 · References 13 · Affected Software 1
seebug.org
added 2008/01/06 12:0 a.m. · 329 views

CoolPlayer 2.17 .m3u Playlist Stack Overflow Exploit

No description provided by source. CoolPlayer, Latest Build: 217 Web:: http://coolplayer.sourceforge.net/ Playlist.m3u File Local Buffer Overflow Exploit Vuln: http://www.securityfocus.com/bid/21396 Greetz: Luigi Auriemma, who has discovered a new vulnerability in this software together...

7.1 AI score
Exploits 0
myhack58
added 2008/01/03 12:0 a.m. · 22 views

Digging inside the operating system does not export the function, will be injected to the end - vulnerability warning - the black bar safety net

InjectCode for Win9x.. Article author: Anskya. Original source: see snow Forum. Reproduced please retain the copyright. Thank you. Now injected many ways, but without the outer cover three: 1. Using the mapping code and then create a remote thread 2. The use of the message hook to insert the DLL in two 3...

7.7 AI score
Exploits 0
Prion
added 2007/12/15 2:46 a.m. · 13 views

Design/Logic Flaw

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method...

6.8 CVSS · 8 AI score · 0.0082 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2007/12/15 2:46 a.m. · 13 views

CVE-2007-6382

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method...

6.8 CVSS · 7.5 AI score · 0.0082 EPSS
Exploits 0 · References 5
Cvelist
added 2007/12/15 2:0 a.m. · 15 views

CVE-2007-6382

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method...

7.5 AI score · 0.0082 EPSS
Exploits 0 · References 5
CVE
added 2007/12/15 2:0 a.m. · 40 views

CVE-2007-6382

Summary: Robocode versions before 1.5.1 are affected by an arbitrary code execution vulnerability involving the Event Dispatch Thread (EDT). According to the documents, a robot can trigger Java code execution by invoking SwingUtilities.invokeLater on the EDT. Affected product/component: Robocode ...

6.8 CVSS · 7.5 AI score · 0.0082 EPSS
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2007/12/15 2:0 a.m. · 2 views

CVE-2007-6382

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method...

6.8 CVSS · 7.8 AI score · 0.0082 EPSS
Exploits 0
CERT
added 2007/11/20 12:0 a.m. · 21 views

IBM Director fails to properly time-out connection requests from clients

Overview: IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative. Description: IBM Director is a suite of system management tools. When a rogue connection request is made to IBM Direct...

7.8 CVSS · 6.3 AI score · 0.02984 EPSS
Exploits 0 · References 2